Some of our readers have pointed out that more media attention is being given to the rather alarming and large number of compromised machines that have been tallied by F-Secure on their "Weblog: News from the Lab" site.

In summary, it is a combination of the "q=" value from the GET call and an assessment of unique IP addresses tracked over time that yields their final tally. I would encourage you to read their fine details as per the link above.

Argh! It's a brand new day, and another brand new batch of Spam to delete from the inbox. For those of you that may have a passing curiosity about where all this unsolicited stuff originates, I have found that the current state of affairs is probably best described through the work of Joe Stewart - Director of Malware Research at SecureWorks.

In his latest Threat Analyses document: "Spam Botnets to Watch in 2009", as well as a previous document from 2008: "Top Spam Botnets Exposed", Mr. Stewart goes into detail about the various Bot-based, Spam Generation clusters that exist on the Internet, and how they can be categorized based on their behaviour - including the "types" of Spam each cluster tends to yield.

To combat this phenomenon, a number of ISPs (including the ISP I purchase my services from) have implemented outbound TCP Port 25 (SMTP) blocking - forcing the customer to use only the SMTP servers associated with the ISP. It was rather alarming to read in Mr. Stewart's latest document about a category of malware known as "Gheg" or "Tofsee" that has the capability to "...route spam through the victim's ISP's mailserver" - effectively circumventing the whole TCP Port 25 blocking technique above!

I had asked around for any evidence that such a "smarter" Spam Bot actually exists, and was provided the following section of a packet capture by the "honeynor.no" group:

Note the smtp=bad directive, which indicates that TCP Port 25 blocking is in effect and that an alternate means would be required to make the Spam Bot function.

Another interesting section in Mr. Stewart's latest document is entitled "McColo Takedown". Again, a quick canvass of other folks, combined with some searching, leads me to this amazing graph from the SpamCop.net website that easily shows the significant Spam reduction effect as a result of this mid-November, 2008 event: